How to Hide Apache Version Number and Other Sensitive Info

When remote requests are sent to your Apache web server, by default, some valuable information such as the web server version number, server operating system details, installed Apache modules plus more, is sent along in server-generated documents back to the client.

This is a good deal of information for attackers to exploit vulnerabilities and gain access to your web server. To avoid showing Web sever information, we will show in this article how to hide the information of Apache Web Server using particular Apache directives.

ServerSignature

Which permits the adding of a footer line showing server name and version number under server-generated documents such as error messages, mod_proxy ftp directory listings, mod_info output plus many more.

It has three possible values:

On – which allows the adding of a trailing footer line in server-generated documents,

Off – disables the footer line and

EMail – creates a “mailto:” reference; which sends a mail to the ServerAdmin of the referenced document.

ServerTokens

It determines if the server response header field that is sent back to clients contains a description of the server OS-type and info concerning enabled Apache modules.

This directive has the following possible values (plus sample info sent to clients when the specific value is set):

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.